Cybersecurity in the World of HR Analytics

These days cybersecurity is on everyone’s minds.  In May, we watched as the Colonial Pipeline shutdown paralyzed the East Coast after a ransomware attack.  Also in May, we felt the impact to food supplies as a Brazilian-based pork and beef processor, JBS S.A., fell victim to a cybersecurity attack, disabling its slaughterhouses.  Every day we hear another story of various attacks hitting businesses and individuals.

In recent years companies have ramped up their Information Security resources.  While this is good, having an Information Security department can lull others in organizations into a false sense of security, thinking someone else has it handled.  The cliche picture of hackers is an evil genius in a hooded sweatshirt working away at their computer using sophisticated programming to break into networks and systems.  So we think firewalls, Intrusion Detection Systems, and network monitoring by skilled Cybersecurity personnel will save us.   While this is sometimes the case, the reality is that hackers these days often use unsophisticated, targeted personal methods to gain access to our digital environments; Social Engineering is the number one method:

• That alluring email prompting us to click a link.
• That call from our “IT Department” asking for our login credentials to perform a necessary system update.
• In other cases, hackers use massive password databases to repeatedly attempt logging into systems until they gain access.

As technology grows, so, too, do the number of ways our systems can be compromised.

What does this mean for the world of HR Analytics?  HR data is valuable.  Employee data such as social security numbers, banking information, addresses, and other personal data makes HR systems ripe for attacks.  And with numerous external-facing applications, this data does not just sit behind multiple layers of corporate information security infrastructure.  All this together means that all HR Analytics personnel must be mindful of Information Security.  Though it can sound daunting, there are simple steps that can be taken:

• Establish password security protocols mandating strong passwords and password changes at frequent intervals and utilize multi-factor authentication
• Never click email links unless the validity of the links can be established
• Never give out login credentials when anyone calls, your IT department will never ask you for this information
• Require VPN access when accessing the corporate network from the outside your corporate network
• Use strong anti-virus software

These are just a few of a multitude of steps to keep yourself and your HR Data safe.  Recently Evan Francen, CEO of FRSecure and SecurityStudio joined us on the HR Data Labs podcast to talk about Cybersecurity and the impact on HR Analytics.  Evan has worked in Information Security for many years and has seen it all.  He says that good security behaviors begin at home.  “People are creatures of habit.  Their good/bad habits at home are the same habits they bring to the workplace.”   As the number of workers accessing corporate networks from home has grown exponentially, so too, has the potential for breaches.  So safety at home translates to safety at work.  To help safeguard data at home his company, SecurityStudio, has developed a free resource called S2Me that individuals can use to determine potential vulnerabilities in their home environment along with mitigation strategies to decrease these vulnerabilities.

We will never be 100% secure.  Hacking is a huge and lucrative industry and bad people and organizations will always be on the hunt to compromise our data.  But with simple, concrete steps and resources, we can go a long way in securing our most valuable assets….our people data.